I've been looking around to get some clarity on this but it seems like I'm the only stupid one having a problem with it.
Case is, I can't connect to Amazon S3 with Espresso. Or I think the case is rather that I don't know how to. I mean, I have my username, access key and secret key. Espresso asks for the username and password. So which one is my password? What should I use as the "server"? The port? I just can't make it work.
Sorry for being stupid but please help me out here. I know there are many of yous who use both Espresso and Amazon S3.
Many thanks in advance.
Way old question, but for the ones (like me) who googles it and ends up here, I found out how to make it work:
Server: s3.amazonaws.com
User name: Your access key
Password: Your secret access key
Related
I haven't logged on to my EC2 recently in a few months. Last time I did, it seems like the RDP file that I downloaded had the password in it. That laptop died.
Today, it seems like AWS/EC2 has changed how things work. I'm able to download the RDP file, but it is prompting for a password. When I try to decrypt the password, it wants me to paste or browse to a file on my disk, which I don't have.
Is there a way to re-download my key info? On security then "Key Pairs", I see the key for this server. Can I download that to my disk, or open it somehow?
I see these steps, but they look overwhelming, i.e. I don't have time for that now; I have real work to do:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ResettingAdminPassword_EC2Config.html
I was able to create a new key pair, but not sure if I can associate it with the instance.
When I click "Get Password" this screen appears:
UPDATE 1: I did find my .pem file, so I was able to use that to logon.
Had I not found it, what would I do?
UPDATE 1: I did find my .pem file, so I was able to use that to logon. Had I not found it, what would I do?
Not much really! This is by design. AWS doesn't store your encryption key, and this prevents AWS personnel to access your instance. That's why you get such an ominous warning when pem file is generated: this is your one and only opportunity to see it - don't lose it.
That said, there are several however.
If you changed your Windows password in windows, or created a new AMI and launched a new instance from it - the pem file won't really help. You can probably create 2 administrator accounts; so if one forgets their password, you can reset it with another one.
Second - if your EBS is not encrypted, you can detach it, launch another instance, and attach EBS to new instance. You won't get your instance back, but you will get the data from that drive.
Finally, the "overwhelming" steps from the link that you posted. Follow good security posture, and you won't need them. But if you get sloppy, it may become your real work... better than polishing a resume...
I have a machine which I want to find where my password hash is stored.
the set command returns details about the account and shows that it is connected to a domain however it doesn't show in net user. As well as this on advanced system settings -> User profiles the account shows as type: local and Status: local.
It seems to be a domain user however windows doesn't think it's on a domain.
Because of this searching for hashes has only brought up dead ends. They aren't in the SAM file and they aren't in SECURITY. I also tried password recovery software and the account simply didn't show.
I could see the correct hash through sekurlsa::LogonPasswords full - specifically serkurlsa::msv with mimikatz but now I would like to know where they are stored.
I know they are cached somewhere as I can login without internet, so I think I'm specifically looking for this file.
A brief search of the command suggests they are in the SAM database but I know they aren't.
Any assistance would be appreciated.
I am trying to rotate the user access keys & secret keys for all the users, last time when it was required I did it manually but now I want to do it by a rule or automation
I went through some links and found this link
https://github.com/miztiik/serverless-iam-key-sentry
with this link, I tried to use but I was not able to perform the activity, it was always giving me the error, can anyone please or suggest any better way to do it?
As I am new to aws lamda also I am not sure that how my code can be tested?
There are different ways to implements a solution. One common way you can automate this is through a storing the IAM user access keys in Secret Manager for safely storing the keys. Next, you could configure a monthly or 90 days check to rotate the keys utilizing the AWS CLI and store the new keys within AWS Secrets Manager. You could use an SDK of your choice for this.
Just had this question as I not a developer if the question might sounds or silly please don’t judge.
Basically I created and instance on aws and at the end of the process I was issued private SSH key which says keep it save and don’t share it.
Now if I would like to my developers to have access to instance files and do the coding and etc. Do I need to share my private key? Or I need to create public SSH key only for their use?
How can i create it?
Can I delete it this public key and cancel access to those files after the job completion?
Please any help would be very appreciated!!!
One way (since the ssh key you were given can be used on other EC2 instances created from your account) would be for your users to create an ssh key pair and give you their public key. You then add the key to the end of the file ${HOME}/.ssh/authorized_keys. This will give your developers and other users access to only the instances you want them to have access to.
The best way would be to create an account for each person (on each server you want them to have access to) and add their public key to the ${HOME}/.ssh/authorized_keys file for their account. Then give them sudo access as needed.
From your description, you've created an instance via the UI on aws. You got given an SSH Keypair that you can use to connect. The steps to connect is at here : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html ( Step 2 )
You should not share the key with anybody, instead as a root owner you can enable password access to the servers. You can create developer user(s) and give them those credentials with needed access only.
Here are the steps to enable password access.
OR
If you don't want to enable password access then get the public keys from the developers and add them in authorised_keys file.
Here are the steps.
I have been looking into Ansible vault but want to check something incase I have missed a crucial point.
Do you have to run the playbook and provide the password. Encrypting the data seems a great idea but if I share the playbook the person running it will require the password. If they have the password then they can decrypt the file and see the data.
I would like to use it to set passwords for files but would like non admins to be able to run the playbook.
Have I missed something. I am struggling to see its worth if this is the case.
Thanks
The purpose of the vault is to keep secrets encrypted "at rest" (eg, in your source control repo, on-disk), so that someone can't learn the secrets by getting ahold of the content. As others have mentioned, if you want to delegate use of the secrets without divulging them, you'll need an intermediary like Tower.
In your case you need something that will be brokering ansible execution. Because like you've said an encryption would be useless if you share the password.
Like it's mentioned in the comment you can use Ansible Tower, or you can try and set a simple http endpoint that will be trigerring ansible based on specified parameters.